5 matches found
CVE-2022-31155
Sourcegraph includes an authorization bug that, in versions before 3.41.0, allows an attacker to overwrite (delete) other users’ saved searches with attacker-controlled data. The vulnerability does not enable reading of others’ saved searches. The issue is mitigated by upgrading to Sourcegraph 3....
CVE-2022-23642
Sourcegraph prior to 3.37 is vulnerable to remote code execution in the gitserver service due to insufficient restriction on git config execution. The issue arises when an attacker who can access internal gitserver HTTP endpoints can set the git core.sshCommand option, causing git to execute arbi...
CVE-2022-23643
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerability in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...
CVE-2021-43823
Sourcegraph before version 3.33.2 is affected by a side-channel vulnerability in the Saved Searches and Code Monitoring features. An authenticated but unauthorized actor could create many Saved Searches or Code Monitors to infer whether specific strings exist in private source code, potentially e...
CVE-2021-32787
CVE-2021-32787 affects Sourcegraph before version 3.30.0. The vulnerability exposes information in the site-admin area to regular users, leaking daily usage statistics and code intelligence uploads/indexes while not allowing alteration of other features. The root cause is improper access to site-...